Mercurial > hg > fapweb
view ajax.php @ 0:8019b357cc03
Initial import.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Tue, 04 Dec 2012 19:07:18 +0200 |
| parents | |
| children | 916623924bd5 |
line wrap: on
line source
<? require "mconfig.inc.php"; require "msite.inc.php"; // Check if we are allowed to execute if (!stCheckHTTPS() || !stAuthSession()) { header("Status: 404 Not Found"); exit; } header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past // Open PDO database connection if (!stConnectSQLDB()) die("Could not connect to SQL database."); function setStatus($val, $msg) { global $statusSet; if (!$statusSet) { header("Status: ".$val." ".$msg); } $statusSet = TRUE; } function execSQLCond($sql, $okmsg) { if (($res = stExecSQL($sql)) !== FALSE) { if ($okmsg != "") setStatus(200, $okmsg); return $res; } else { setStatus(900, "Error in SQL execution."); return FALSE; } } // XMLHttp responses $action = "ERROR"; if (stChkRequestItem("action") && stChkRequestItem("type")) { $action = $_REQUEST["action"]; $type = $_REQUEST["type"]; } switch ($action) { case "dump": if (($res = execSQLCond( "SELECT * FROM attendees WHERE email NOT NULL AND email != '' ORDER BY regtime DESC", "Dump OK.")) !== FALSE) { $out1 = array(); $out2 = array(); foreach ($res as $item) { $out1[] = $item["name"]." <".$item["email"].">"; $out2[] = $item["email"]; } echo "<br /><hr />". implode(", ", $out1)."<br /><hr /><br />". implode("<br />", $out1)."<br /><hr /><br />". implode(", ", $out2)."<br /><hr /><br />". implode("<br />", $out2)."<br /><hr />"; } break; case "get": switch ($type) { case "news": $sql = "SELECT * FROM news ORDER BY utime DESC"; break; case "attendees": $sql = "SELECT * FROM attendees ORDER BY regtime DESC"; break; case "compos": $sql = "SELECT * FROM compos ORDER BY id DESC"; break; case "entries": stGetCompoList(TRUE); foreach ($compos as $id => $compo) { echo "<form>\n". " <table class=\"misc\">\n". " <tr>\n". " <th colspan=\"3\">".chentities($compo["name"])."</th>\n". " </tr>\n". " <tr>\n". " <th>Title</th>\n". " <th>Author</th>\n". " <th>Actions</th>\n". " </tr>\n"; $prefix = "en"; foreach ($compo["entries"] as $eid => $entry) { echo " <tr id=\"entry".$eid."\">\n". " <td>".stGetFormTextInput(40, 64, "name", $eid, "en", $entry["name"])."</td>\n". " <td>".stGetFormTextInput(40, 64, "author", $eid, "en", $entry["author"])."</td>\n". " <td>". stGetFormButtonInput("update", $eid, $prefix, " Update ", "updateEntry(".$eid.")"). stGetFormButtonInput("delete", $eid, $prefix, " Delete ", "deleteEntry(".$eid.")"). "</td>\n". " </tr>\n"; } $prefix = "ne"; echo " <tr>\n". " <td>".stGetFormTextInput(40, 64, "name", $id, "ne", "")."</td>\n". " <td>".stGetFormTextInput(40, 64, "author", $id, "ne", "")."</td>\n". " <td>".stGetFormButtonInput("add", $id, $prefix, " Add new ", "addEntry(".$id.")")."</td>\n". " </tr>\n". " </table>\n". "</form>\n"; } break; case "voters": $sql = "SELECT * FROM voters ORDER BY id ASC"; } if (isset($sql) && ($res = execSQLCond($sql, "")) !== FALSE) { if ($type == "news") { foreach ($res as $item) { $id = $item["id"]; stPrintNewsItem($item, "<br />". " <button class=\"button\" id=\"ndel".$id. "\" type=\"button\" onclick=\"deleteNews(".$id. ")\">Delete</button>\n" ); } } else if ($type == "attendees") { echo "<table class=\"attendees\">\n". " <tr>\n". " <th>Name</th>\n". " <th class=\"groups\">Group(s)</th>\n". " <th class=\"regtime\">Registered</th>\n". " <th class=\"oneliner\">Oneliner</th>\n". " <th class=\"email\">E-mail</th>\n". " <th>Actions</th>\n". " </tr>\n"; $row = 0; foreach ($res as $item) stPrintAttendee($item, $row++, TRUE); echo "</table>\n"; } else if ($type == "compos") { foreach ($res as $item) { $id = $item["id"]; $prefix = "co"; echo "<div id=\"compo".$id."\">\n". "<h2>#".$id." - ".chentities($item["name"])."</h2>\n". stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"])."\n". stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Enabled")."<br />\n". stGetFormTextArea(5, 60, "description", $id, $prefix, $item["description"])."\n<br />\n". stGetFormButtonInput("update", $id, $prefix, " Update ", "updateCompo(".$id.")")."\n". "</div>\n". "<hr />\n"; } } else if ($type == "voters") { echo "<table class=\"misc\">\n". " <tr>\n". " <th style=\"width: 5%; text-align: center;\">#</th>\n". " <th style=\"\">Vote key</th>\n". " <th style=\"\">Name</th>\n". " <th style=\"width: 5%; text-align: center;\">Active</th>\n". " </tr>\n"; $row = 0; foreach ($res as $item) { $id = $item["id"]; $prefix = "vo"; echo " <tr>\n". " <tr class=\"".($row % 2 == 1 ? "rodd" : "reven")."\" id=\"voter".$id."\">\n". " <td>".sprintf("%04d", $id)."</td>\n". " <td>".chentities($item["key"])."</td>\n". " <td>".stGetFormTextInput(40, 64, "name", $id, $prefix, $item["name"], "onBlur=\"updateVoter(".$id.")\" autocomplete=\"off\"")."</td>\n". " <td>".stGetFormCheckBoxInput("enabled", $id, $prefix, $item["enabled"], "Active", "onClick=\"updateVoter(".$id.")\"")."</td>\n". " </tr>\n"; $row++; } echo "</table>\n"; } } break; case "delete": if (stChkRequestItem("id")) { $id = intval(stGetRequestItem("id")); if ($type == "news") $sql = stPrepareSQL("DELETE FROM news WHERE id=%d AND persist=0", $id); else if ($type == "attendees") $sql = stPrepareSQL("DELETE FROM attendees WHERE id=%d", $id); else if ($type == "entries") $sql = stPrepareSQL("DELETE FROM entries WHERE id=%d", $id); execSQLCond($sql, "OK, ".$type." item ".$id." deleted."); } else setStatus(901, "No ID specified."); break; case "add": if ($type == "news" && stChkRequestItem("text") && stChkRequestItem("author") && stChkRequestItem("title")) { $sql = stPrepareSQL( "INSERT INTO news (utime,title,text,author) VALUES (%d,%S,%Q,%S)", time(), "title", "text", "author"); execSQLCond($sql, "OK, news item added."); } else if ($type == "compo" && stChkRequestItem("name") && stChkRequestItem("description")) { $sql = stPrepareSQL( "INSERT INTO compos (name,description,enabled) VALUES (%S,%Q,0)", "name", "description", 0); execSQLCond($sql, "OK, compo added."); } else if ($type == "entry" && stChkRequestItem("name") && stChkRequestItem("author") && stChkRequestItem("compo_id")) { $sql = stPrepareSQL( "INSERT INTO entries (name,author,compo_id) VALUES (%S,%Q,%D)", "name", "author", "compo_id"); execSQLCond($sql, "OK, entry added."); } else setStatus(902, "No data."); break; case "update": if ($type == "attendees" && stChkRequestItem("id") && stChkRequestItem("email") && stChkRequestItem("oneliner")) { $sql = stPrepareSQLUpdate("attendees", "WHERE id=".intval(stGetRequestItem("id")), array( "email" => "S", "oneliner" => "S", )); execSQLCond($sql, "OK, attendee updated."); } else if ($type == "news" && stChkRequestItem("id") && stChkRequestItem("text") && stChkRequestItem("author") && stChkRequestItem("title")) { $sql = stPrepareSQLUpdate("news", "WHERE id=".intval(stGetRequestItem("id")), array( "title" => "S", "text" => "Q", "author" => "S" )); execSQLCond($sql, "OK, news item updated."); } else if ($type == "compo" && stChkRequestItem("id") && stChkRequestItem("name") && stChkRequestItem("description") && stChkRequestItem("enabled")) { $sql = stPrepareSQLUpdate("compos", "WHERE id=".intval(stGetRequestItem("id")), array( "name" => "S", "description" => "Q", "enabled" => "B", )); execSQLCond($sql, "OK, compo updated."); } else if ($type == "voter" && stChkRequestItem("id") && stChkRequestItem("name") && stChkRequestItem("enabled")) { $sql = stPrepareSQLUpdate("voters", "WHERE id=".intval(stGetRequestItem("id")), array( "name" => "S", "enabled" => "B", )); execSQLCond($sql, "OK, voter updated."); } else if ($type == "entry" && stChkRequestItem("id") && stChkRequestItem("compo_id") && stChkRequestItem("name") && stChkRequestItem("author")) { $sql = stPrepareSQLUpdate("entries", "WHERE id=".intval(stGetRequestItem("id"). " AND compo_id=".intval(stGetRequestItem("compo_id"))), array( "name" => "S", "author" => "S", )); execSQLCond($sql, "OK, voter updated."); } else setStatus(902, "No data."); break; default: setStatus(404, "Not Found"); break; } ?>